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TECHNICAL FIELD 

The present invention relates to e-commerce transactions 
utilizing mobile electronic transaction devices, and more 
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particularly, to a mobile electronic terminal personal proxy 
for managing a digital signature transaction between a 
merchant server, a customer PC and a customer mobile 
electronic terminal . 

5 BACKGROUND OF THE INVENTION 

The increased popularity of the Internet has provided 
expanded opportunities for individuals to purchase items over 
the Internet by merely using a personal computer, a mobile 
terminal or combination of both to access online merchants 

10 and purchase various types of products. These types of 
purchases are done in a number of fashions. A customer may 
utilize their own PC to interconnect with a merchant via the 
Internet, request a purchase of an item, provide purchase 
information and have the purchased item shipped to them via 

15 services such as UPS or FedEx. Alternatively, electronic 
commerce items may be purchased wherein the item purchased 
by the customer is directly downloaded to the customers PC 
from the merchant . 

In addition to purchasing items using a customer's PC, 

20 the use of mobile electronic transaction devices (such as 
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mobile telephones, laptop computers, personal digital 
assistants, etc. } , have become popular wherein a customer may 
purchase an item via the Internet using their mobile 
electronic transaction device which operates using the 
5 wireless application protocol (WAP) or some other type of 
mobile internet protocol. The mobile electronic terminal may 
provide functionalities for identifying customer payment 
information for the merchant and may store receipt 
information for various purchases made by the customer. 

10 Present developments within the electronic commerce shopping 
area have begun to utilize mobile electronic transaction 
devices for identification, payment and receipt storage. 
Many times this may require a merchant computer, customer PC 
and customer mobile electronic terminal to operate together 

15 in order to perform the transaction. Presently, there exists 
no functionality for controlling a transaction involving each 
of these three entities. 

SUMMARY OF THE INVENTION 

The present invention overcomes the foregoing and other 
2 0 problems by providing a mobile electronic transaction (MeT) 
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personal proxy enabling interactions between a customer PC, 
a merchant server and a mobile electronic terminal to obtain 
a digital signature in an electronic transaction. Upon 
receipt of a request for a digital signature during an 
5 electronic transaction, the Mobile electronic transaction 
proxy notifies a web browser of the request for the digital 
signature. Once the digital signature has been obtained, it 
is appended to a data string contained within the originally 
provided request. The web browser is notified that the 
10 digital signature has been obtained, and the data with the 
appended digital signature is transmitted back to the 
merchant . 

BRIEF DESCRIPTION OF THE DRAWINGS 

A more complete understanding of the method and 
15 apparatus of the present invention may be obtained by 
reference to the following Detailed Description when taken 
in conjunction with the accompanying Drawings wherein: 

FIGURE 1 is a block diagram illustrating the 
relationship between a document and a hash of a document; 
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FIGURE 2 illustrates the use of a mobile terminal for 
digitally signing a document in conjunction with a viewing 
location; 

FIGURE 3 illustrates a first embodiment wherein the 
5 digital signature is provided using the combination of a 
trusted PC and a mobile terminal; 

FIGURE 4 is a flow diagram illustrating the method of 

FIGURE 3; 

FIGURE 5 is an illustration of alternative embodiment 
10 wherein a digital signature is obtained using a crypto module 
and a mobile terminal; 

FIGURE 6 illustrates the document and hash displays at 
a PC and a mobile terminal; 

FIGURE 7 is a flow diagram illustrating the method of 
15 FIGURE 5; 

FIGURE 8 illustrates a method for obtaining a digital 
signature between a PC, a trusted party and a mobile 
terminal ; 

FIGURE 9 is a flow diagram illustrating the method of 
2 0 FIGURE 8; 
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FIGURE 10 illustrates the use of streaming data between 
a PC and a mobile terminal to obtain a digital signature; 

FIGURE 11 is a flow diagram illustrating a first method 
of utilizing streaming data as illustrated in FIGURE 10; 
5 FIGURE 12 illustrates a second method for utilizing 

streaming data as shown in FIGURE 10. 

FIGURE 13 is a block diagram of a further embodiment 
including a customer PC, merchant server and customer mobile 
terminal and the interactions therebetween; and 
10 FIGURE 14 is a flow diagram illustrating the method of 

the system illustrated in Figure 13 . 

DETAILED DESCRIPTION 

Referring now to the drawings, and more particularly to 
the FIGURE 1, there is illustrated a document 10 and a hash 

15 15 of the document 10. The document 10 would consist of a 
copy of text which may comprise a contract, letter, sales 
receipt, or any other item that may need to be signed by a 
user. The hash 15 contains a listing of information 
pertaining to the document. This information could include, 

2 0 for example, a document title, a document number/id, an 
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author/name id, and a hash representation which may be 
numeric, alpha -numeric or symbolic. 

Referring now to FIGURE 2, there is illustrated a 
general representation of the manner for using a personal 
5 trusted device such as a mobile terminal 20 to digitally sign 
a document 10. Alternatively, the personal trusted device 
could be a laptop computer, personal data assistant, pager 
or another mobile electronic device. The document 10 is 
forwarded to some type of viewing location 25 such as a PC, 

10 trusted server or other area which will be discussed 
momentarily. The document 10 is provided to the viewing 
location 25, where it may be displayed in its entirety by a 
user wishing to digitally sign the document 10. The hash 15 
is created at the viewing location 25 or at a location 

15 associated with the viewing location 25 such that the hash 
15 may be transmitted to the mobile terminal 2 0 over a 
wireless or wireline connection. The user may view the 
document 10 in its entirety at the viewing location 25 and 
digitally sign the hash 15 at the mobile terminal 20. 

20 A first embodiment is illustrated in FIGURE 3 where 

there is illustrated a method for obtaining a digital 
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signature using a trusted PC 30. In this embodiment, the 
information contained on the trusted PC 3 0 is assumed to be 
accurate, including the document 10, and the only thing 
needed to be protected is the communications channel 32 
5 between the trusted PC 30 and the mobile terminal 20. The 
communications channel 32 may utilize a serial cable, 
infrared link or Bluetooth (Bluetooth is a trademark of 
Telef onaktiebolaget LM Ericsson) pairing for transmitting 
data. The only requirement for this embodiment is that the 

10 trusted PC 30 be authenticated and the integrity of the data 
be protected over the communications link 32. 

Referring now to FIGURE 4, the trusted PC 3 0 receives 
the document 10 to be digitally signed at step 35. The 
mobile terminal 20 must authenticate the trusted PC 30 at 

15 step 40 to confirm that the mobile terminal 20 is linking 
with the proper trusted PC 30 . After authentication, the 
communications channel 32 is established at step 45, and the 
hash 15 of document 10 is transmitted at step 50 to the 
mobile terminal 20. The user views the entire document 10 

20 at the trusted PC 30 and provides the digital signature at 
step 55 using the mobile terminal 20. The digital signature 



DaHas2 703836 v 1, 34650 00597USPT 



8 



Patent Application 
Docket #34650-00597USPT 

P13626US2 



may be automatically provided by entering a PIN number at the 
mobile terminal 20. 

A further embodiment, shown in FIGURE 5, uses a crypto 
module 7 0 which may be implemented in a browser 65 contained 
5 within a PC 60. The crypto module 70 is integrated within 
the browser 65 and implements cryptography such as PKCS#11 
and MS CAP I, In order to integrate the crypto module 70 
within the browser 65, authenticity and integrity of the 
crypto module 70 must be verified by the PC operating system 

10 or the browser 65 before the module 70 is used. The crypto 
module 70 displays the document 10 to be signed along with 
the hash 15 to be transmitted to the mobile terminal 20 as 
is illustrated in FIGURE 6. The mobile terminal 20 may also 
authenticate and integrity protect the communications channel 

15 75 between the PC 60 and mobile terminal 20 as discussed 
previously with respect to FIGURES 3 and 4. 

Referring now to FIGURE 7, there is illustrated a flow 
diagram of the method for obtaining a digital signature 
utilizing a crypto module 70. The document 10 to be signed 

2 0 is received at step 8 0 and displayed by the crypto module 70 
using the browser 65 at step 85. The mobile terminal 20 
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authenticates the PC 60 and crypto module 70 at step 90 and 
establishes a communications channel 75 at step 95. The hash 
15 of the document 10 is transmitted at step 100 to the 
mobile terminal 2 0 such that the hash 15 may be displayed at 
5 step 105 on a display of the mobile terminal 20. The user 
views the displayed hash 15 at the mobile terminal and the 
document 10 displayed at the crypto module 70 and provides 
at step 110 a digital signature of the document 10. 

Referring now to FIGURE 8, there is illustrated a 

10 further embodiment for obtaining a digital signature of a 
document 10 wherein a trusted party 115 is used. In this 
embodiment, after receipt of a document 10, a PC 12 0 forwards 
the document through a web server 125 to the trusted party 
115. Within the web server 125 a servlet 130 generates a 

15 hash 15 that is to be signed by the user at the mobile 
terminal 20. The hash 15 and document 10 are forwarded from 
the web server 125 to the trusted party 115, and the hash is 
forwarded to the mobile terminal 2 0 via a communications 
channel 135. The data is transmitted from the PC 120 to the 

2 0 web server 125 and from the web server 12 5 to the trusted 
party 115 using SSL/TLS protocol. 
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Referring now to FIGURE 9, there is provided a flow 
diagram more fully illustrating a method for obtaining a 
digital signature using a personal trusted device such as a 
mobile terminal 20 through a trusted party 115. The document 
5 10 to be signed is received at the PC 12 0 at step 140, and 
a user requests a digital signature at the PC 120 at step 
145. The trusted party 115 authenticates the PC 120 at step 
150 before the connection established from the PC 120 to the 
web server 125 to the trusted party 115. Alternatively, the 
10 PC 120 may have been previously securely identified at the 
trusted party 115 and already have a registered mobile 
terminal 2 0 on file with the trusted party 115 for the 
transaction. 

After the PC 120 has been authenticated, the request for 
15 a digital signature is transmitted to the web server 125 at 
step 155 along with the document 10. The servlet 130 
generates a hash 15 from the provided document 10. The hash 
15 along with the document 10 and the request for the digital 
signature are forwarded at step 165 to the trusted party 115 
20 from the web server 125. The trusted party 115 sends at step 
170 the hash 15 to the mobile terminal 20 over a 
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communications channel 135. After viewing the document at 
the trusted third party, the mobile terminal provides the 
digital signature at step 180 , and the mobile terminal 20 
notifies the trusted party 115 of the signature at step 185. 
5 The trusted party validates the provided digital signature 
and updates and notifies the transaction as being signed at 
both the PC 120 and mobile terminal 20 at step 190. 

Referring now to FIGURE 10, there is illustrated yet 
another embodiment wherein a PC 200 transmits a document 10 

10 to the mobile terminal 2 0 as streaming data. The general 
concept behind the use of streaming data is that all or a 
large portion of the data, not only the hash, shall be 
transmitted to the mobile terminal 20 for signature 
generation. The data to be signed is displayed at the PC 200 

15 and is streamed to the mobile terminal 20. The problem still 
exists that the entire document cannot be displayed to a user 
on a small screen of the mobile terminal 20, and the internal 
buffers of the mobile terminal 20 are not normally large 
enough to store a large document. This requires the use of 

2 0 one of two solutions described in more detail in FIGURES 11 
and 12 . 
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Referring now to FIGURE 11, there is illustrated a 
method wherein a user utilizes a mouse at the PC 200 to 
select relevant text at step 205 that the user considers to 
be essential. The selected text and the hash 15 are 
5 transmitted to the mobile terminal at step 210. The user 
digitally signs the received information at step 215 after 
viewing the provided text and the hash 15. 

Referring now to FIGURE 12, there is illustrated an 
alternative embodiment wherein a user may trigger a button 
10 or activation point at step 220 of the mobile terminal 20. 
Responsive to the trigger, the mobile terminal 2 0 displays 
the present content of its buffers at step 225. The user may 
then digitally sign a document at step 23 0 based upon what 
is viewed. 

15 Despite being unable to display or even store a large 

document 10, the mobile terminal 2 0 may be able to receive 
the text of the document 10 from the PC and compute the hash 
15 from the received text. The hash 15 computed in the 
mobile terminal 20 can then be compared in the mobile 

20 terminal 20 with the hash 15 transmitted by the PC which the 
user is being invited to sign. Other checks such as byte 
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count can also be computed in the mobile terminal 2 0 to 
verify that the document 10 to which the hash code 15 applies 
is the claimed document 10. It would be preferable to 
include the document byte count as part of the bytestring 
5 over which the hash code 15 is computed. The above steps 
provide additional security safeguards to the user that he 
is signing what he thinks he is signing. 

Referring now to FIGURE 13, there is illustrated an 
alternative embodiment for providing a digital signature 

10 including a customer PC 250, a merchant server 255 and a 
customer mobile electronic transaction (MeT) device 260. The 
customer PC 250 includes a web browser 265 enabling the user 
to access the merchant server 255 via a network such as the 
Internet. The customer PC 250 further includes a mobile 

15 electronic terminal personal proxy (MPP) 270 for controlling 
electronic commerce transactions between the customer PC 250, 

A 

the merchant server 255 and the customer Mobile electronic 
transaction device 260. The MPP 270 is accessed via the web 
browser 265. The MPP 270 comprises a software module that 
20 is executable by the customer PC 250. Communications between 
the browser 265 and MPP 270 and between the MPP 270 and the 
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merchant server 255 use HTTP protocol (extended to handle the 
Mobile electronic transaction specific header information) 
over TCP/IP. The MPP 270 enables the customer PC 250 to act 
as a server for a Mobile electronic transaction device 260. 
5 Access to the Mobile electronic transaction device 260 will 
only require user provided authentication (password, PIN) 
when payment is requested. 

An application 2 75 within the customer PC provides any 
of a number of functionalities with respect to an electronic 

10 commerce transaction. With respect to the following 
description of the method of the present invention, the 
application 275 will provide a digital signature 
functionality wherein a data string provided from the 
merchant server 2 55 may have a digital signal appended 

15 thereto by the application 275. 

The web server 280 provides the ability for the mobile 
terminal to connect to services in the PC 250. The WAP 
gateway 285 provides for the ability of a wireless device 
such as the Mobile electronic transaction device 260 to 

2 0 access the Internet using the WAP protocol through the 
customer PC 250. The WAP gateway 285 acts as an interface 
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between a WAP network and a TCP/IP network such as the 
Internet. The WAP gateway 285 converts between the WAP and 
TCP/IP protocols. 

The Bluetooth stack 290 enables the customer PC 250 to 
5 generate a short range wireless link with the Mobile 
electronic transaction device 260 within a limited, defined 
area using the Bluetooth protocol. While the present 
invention is described with the use of a short range wireless 
link using the Bluetooth protocol, it should be realized that 

10 any other short range wireless protocol enabling the customer 
PC 250 to access a closely located Mobile electronic 
transaction device 260 or other information devices would be 
useful within the context of the present invention. 

The mobile electronic transaction device 260 may consist 

15 of a mobile telephone, laptop computer, personal data 
assistant , or any other similarly configured mobile 
electronic device which contains information necessary to 
complete an electronic commerce transaction. The merchant 
server 255 includes applications 295 for performing necessary 

20 functionalities for completing an electronic commerce 
transaction with the customer PC 250 and a web server 300 
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enabling the merchant server to obtain access to a network 
such as the Internet. 

Referring now also to FIGURE 14, there is illustrated 
a flow diagram illustrating the manner in which the MPP 270 
5 controls a request for performance of a digital signature 
between a customer PC 250, merchant server 255 and Mobile 
electronic transaction device 260. At step 3 05, a request 
is transmitted from the web browser 265 to the MPP 270. The 
MPP 270 forwards the request to the web server 3 00 of the 

10 merchant server 255 at step 310. The request may comprise 
a request to purchase a particular item or to download 
already purchased products. 

In order to process the request, the merchant server 255 
requires a digital signature from the customer. The merchant 

15 server 255 responds to the request by transmitting at step 
315 a response that includes a specific data string and a 
request for digital signature to be attached to the data 
string. The merchant response to the request from the MPP 
270 comprises a URI containing a specific HTTP 1.1 header: 

20 for example: [Mobile electronic transaction- sign : 

,, http://merchantsite.com/responsesite/ n , "String to sign"] . This 
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comprises an instruction for the Mobile electronic 
transaction device 260 to sign the attached data string and 
transmit the digitally signed data string back to the 
indicated HTTP site. The MPP 270 will pass most requests or 

5 responses through without taking action. However, once a 
Mobile electronic transaction command is detected within a 
request or response the MPP 270 is actuated. The MPP 270 
recognizes the Mobile electronic transaction command included 
in the HTTP header and transmits at step 320 a notification 

0 to the browser 265 indicating a digital signature has been 
requested. It should be realized that Mobile electronic 
transaction commands other than a request for a digital 
signal may also be utilized. The web browser 265 will 
display a page having a PRAGMA REFRESH (fetch from server 

5 when reloaded, i.e., do not cache) header command while the 
digital signature is obtained. 

The data string within the response from the merchant 
server 255 is forwarded at step 325 to the application 275 
within the customer's PC 250. Responsive to the received 

0 data string, the application 275 transmits at step 330 a 
command to the Bluetooth stack 290. The command instructs 
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the Bluetooth stack 290 to awaken the Mobile electronic 
transaction device 260, if possible. The awakening is 
accomplished by transmitting an AT command to the Mobile 
electronic transaction device 260 using Bluetooth at step 
5 335. Responsive to this awakening, the Mobile electronic 
transaction device 260 will request at step 336 the same 
application of the Mobile electronic transaction device 260. 
The application within the Mobile electronic transaction 
device 260 executes at step 340 a WML script code that will 

10 provide a request containing the digital signature 
(response) . At step 345 the response including the digital 
signature is transmitted to the web server 280 via the 
Bluetooth stack 290 and WAP Gateway 285. The response is 
then passed to the application 275. The application 275 

15 appends the digital signature to the provided data string at 
step 350 and notifies the Bluetooth stack 290 of the 
completed signature at step 355. 

The application 275 forwards at step 360 the digitally 
signed data string back to the MPP 270. The MPP 270 notifies 

20 the browser at step 365 of the completed signing of the data 
string which then begins reloading a URI displaying an 
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indication that the data string has been signed. The MPP 
transmits at step 3 70 an HTTP request to the URL contained 
in the original HTTP header 

(http : / /merchantsite . com/responsesite/) containing the signed 
data string. Upon receipt of the signed data string the web 
server 300 within the merchant server 255 transmits a 
response back to the MPP at 375 notifying the web browser 265 
of the customer PC that the transaction is completed. 

The previous description is of a preferred embodiment 
for implementing the invention, and the scope of the 
invention should not necessarily be limited by this 
description. The scope of the present invention is instead 
defined by the following claims. 
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